feat: flag wildcard MCP bind exposure

[brandonwise]

Summary

• extend AW-005 to flag wildcard bind exposure such as --host 0.0.0.0, --bind=0.0.0.0:3000, and HOST=0.0.0.0
• surface the same condition in inspect as a wildcard_bind risk tag
• add fixture coverage for the new behavior and refresh README wording/test count

Why now

• Reddit MCP security threads keep calling out NeighborJack-style 0.0.0.0 exposure as a recurring footgun: https://www.reddit.com/r/LocalLLaMA/comments/1moee82/mcp_vulnerabilities_every_developer_should_know/
• The Hacker News highlighted Bitsight TRACE finding ~1,000 exposed MCP servers with no auth, which is the exact config smell this patch helps catch earlier: https://x.com/TheHackersNews/status/2002288861372973363
• Product momentum is moving toward MCP visibility and control planes, which makes earlier local config detection more valuable: https://www.producthunt.com/products/golf
• Before this patch, a stdio-launched MCP bridge using --host 0.0.0.0 only triggered AW-007 in agentwise and missed the exposure entirely

Validation

• PASS cargo test wildcard_bind -- --nocapture && cargo test loopback_bind -- --nocapture
  • 4 wildcard-bind unit tests + 1 integration test passed, plus loopback regression coverage
• PASS cargo test
  • 217 unit tests passed
  • 38 integration tests passed
• PASS cargo clippy --all-targets --all-features -- -D warnings && cargo build
• PASS cargo run --quiet -- scan testdata/wildcard-bind.json --format json && printf '\n---\n' && cargo run --quiet -- inspect testdata/wildcard-bind.json --format json
  • scan now emits AW-005 Wildcard bind address
  • inspect now marks the server as high risk with wildcard_bind
• PASS node /Users/bwise/.openclaw/workspace/projects/humanizer/src/cli.js score -f /Users/bwise/.openclaw/workspace/projects/agentwise/README.md --ignore-code
  • score: 43/100 (lightly AI-touched)

Rollback

• Revert commit 90e07e5 if the new AW-005 bind heuristic proves too noisy in the wild.